Enhancing Fault Tolerance in ARINC 653-compliant Partitioned Systems: A Focus on Dynamic Reconfiguration

Kurzfassung

Avionic systems are critical for aircraft and spacecraft, incorporating key subcomponents such as Collision Avoidance Systems (CAS) and Terrain Awareness and Warning Systems (TAWS). The software within these systems must be resilient against failures, often using hypervisors to separate subcomponents into partitions that share CPU resources. However, these systems are subject to dynamic constraints, failures, or attacks, which can render precompiled configurations inflexible and insufficient. To address these challenges, there is a growing need for adaptive systems that can dynamically respond to changing operational and security conditions. One promising approach is dynamic reconfiguration, where alternative subcomponents take over from failing ones. For example, if camera vision fails in the dark, a RADAR system can compensate. However, ARINC 653-compliant hypervisors offer limited support for reconfiguration at run-time due to their fixed inter-partition communication structure. In this work, we introduce a "mitigator", along with routing and health monitoring components, to handle run-time partition failures within an ARINC 653-compliant environment. The mitigator dynamically reconfigures the system using redundancies and a run-time scoring scheme to replace failed partitions and optimize the use of remaining ones, ensuring continued functionality and performance. Our evaluation measures the system’s adaptation speed and output coverage, revealing a trade-off between fault tolerance and processing overhead.